The present invention relates to a method for automatically validating a transaction between an issuer having a signing key, an emitter having an emitter key, an acceptor having a unique identity and a limit on transactions and a validator. The present invention further relates to an electronic payment system comprising a bank computer system, a user computer system, a merchant computer system and a validator computer system, a computer program and a computer program product.
Methods and systems for performing and validating transactions are faced with a variety of competing objectives. While on the one hand they should be provably correct and secure, such that no one participating in a transaction can gain an undue advantage, for example by assuming a false identity or willfully changing transaction values, on the other hand the identity of participants and their exact interaction should often remain anonymous. At the same time, operations to implement a transaction protocol should be computationally efficient and follow standard procedures.
Electronic payment systems for paying for goods and services on-line, in particular over the Internet, are a particular important example of electronic transaction systems. Without fast, secure, anonymous and easy-to-implement electronic payment systems, the growth of electronic commerce may be at risk. In consequence, several electronic payment systems have been developed by both researchers and financial institutions. One example of such a system is described in a paper by J. Camenisch, S. Hohenberger and A. Lysyanskaya titled “Compact E-Cash”, published in EUROCRYPT, Vol. 3494 of LNCS, pages 302-321, 2005, which is herewith included by reference and referred to as CHL system. The CHL system is provably secure and anonymous, i.e. whilst coins cannot be reused within the system, a bank or coin issuer cannot recover the identity of a user or emitter, who spent the coin with a merchant or an acceptor when it is deposited with the bank again.
However, this and similar systems have one disadvantage: They are open to electronic money laundering. In various scenarios, a high number of transactions involving, representing, for example, high flows of cash between any two parties, should be detected, prevented or reported. Applications include the prevention of tax evasion, corruption and large-scale fraud, for example.
A system is described by M. Stadler, J.-M. Piveteau and J. Camenisch in a paper titled “Fair Blind Signatures” at EUROCRYPT '95, Vol. 921 of LNCS, pages 209-219, 1995, as having a trusted third party that can revoke anonymity of the users at any time to prevent money laundering. However, having a third party is a major drawback for an electronic payment system as users of the systems can never be sure, under what circumstances their anonymity may be revoked.
Other systems, for example an electronic payment system by T. Okamoto and K. Ohta described in a paper titled “Disposable Zero-Knowledge Authentications and their Applications to Untraceable Electronic Cash” in CRYPTO, Vol. 435 of LNCS, pages 481-496, 1990, offer users only a limited form of anonymity to prevent misuse. In this system, the coins of the user are anonymous but can be linked to one another. This severely restricts the anonymity of the electronic payment system.
Consequently, there exists a need for improved secure, anonymous transaction systems and methods. It is a particular challenge to devise an electronic payment system that can help to prevent electronic money laundering.